A remote code
execution vulnerability exists in the way that Microsoft Outlook parses
specially crafted email messages. An attacker who successfully exploited this
vulnerability could take control of an affected system. An attacker could
then install programs; view, change, or delete data; or create new accounts
with full user rights. Exploitation of this vulnerability requires that a
user open or preview a specially crafted email message with an affected
version of Microsoft Outlook. In an email attack scenario, an attacker could
exploit the vulnerability by sending a specially crafted email message to the
user and then convincing the user to preview or open the email. The update
addresses the vulnerability by correcting the way that Microsoft Outlook
parses specially crafted email messages.

An elevation of
privilege vulnerability exists in Windows when the Microsoft Graphics
Component fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights. To exploit this vulnerability,
an attacker would first have to log on to the system. An attacker could then
run a specially crafted application that could exploit the vulnerability and
take control of an affected system. The update addresses this vulnerability
by correcting how the Microsoft Graphics Component handles objects in memory.

An elevation of
privilege vulnerability exists in Windows when the Microsoft Graphics
Component fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in kernel
mode. An attacker could then install programs; view, change, or delete data;
or create new accounts with full user rights. To exploit this vulnerability,
an attacker would first have to log on to the system. An attacker could then
run a specially crafted application that could exploit the vulnerability and
take control of an affected system. The update addresses this vulnerability
by correcting how the Microsoft Graphics Component handles objects in memory.

A remote code
execution vulnerability exists when Microsoft .NET Framework fails to
properly validate input before loading libraries. An attacker who
successfully exploited this vulnerability could take control of an affected
system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. Users whose accounts are
configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights. To exploit the
vulnerability, an attacker would first need to access the local system with
the ability to execute a malicious application. The security update addresses
the vulnerability by correcting how .NET validates input on library load.

An elevation of
privilege vulnerability exists when Microsoft Windows fails to properly
sanitize handles in memory. An attacker who successfully exploited the
vulnerability could run arbitrary code as System. An attacker could then
install programs; view, change, or delete data; or create new accounts with
full user rights. To exploit the vulnerability, an attacker would first have
to log on to the system. An attacker could then run a specially crafted
application designed to elevate privileges. The update addresses the
vulnerability by correcting how Windows sanitizes handles in memory.

An information
disclosure vulnerability exists when the Windows kernel improperly handles
objects in memory. An attacker who successfully exploited this vulnerability
could obtain information to further compromise the user’s system. An
authenticated attacker could exploit this vulnerability by running a
specially crafted application. The update addresses the vulnerability by
correcting how the Windows kernel handles objects in memory.

A Win32k
information disclosure vulnerability exists when the win32k component
improperly provides kernel information. An attacker who successfully
exploited the vulnerability could obtain information to further compromise
the user’s system. To exploit this vulnerability, an attacker would have to
log on to an affected system and run a specially crafted application. The
security update addresses the vulnerability by correcting how win32k handles
objects in memory.

An elevation of
privilege vulnerability exists in Windows when the Windows kernel-mode driver
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode. An
attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. To exploit this vulnerability, an
attacker would first have to log on to the system. An attacker could then run
a specially crafted application that could exploit the vulnerability and take
control of an affected system. The update addresses this vulnerability by
correcting how the Windows kernel-mode driver handles objects in memory.

An information
disclosure vulnerability exists in Adobe Type Manager Font Driver (ATMFD.dll)
when it fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could obtain information to further
compromise the user’s system. There are multiple ways an attacker could
exploit the vulnerability, such as by convincing a user to open a specially
crafted document, or by convincing a user to visit an untrusted webpage. The
update addresses the vulnerability by correcting how ATMFD.dll handles
objects in memory.

An information
disclosure vulnerability exists when Microsoft Office improperly discloses
the contents of its memory. An attacker who exploited the vulnerability could
use the information to compromise the user’s computer or data. To exploit the
vulnerability, an attacker could craft a special document file and then
convince the user to open it. An attacker must know the memory address
location where the object was created. The update addresses the vulnerability
by changing the way certain functions handle objects in memory.

A remote code
execution vulnerability exists in the way that Microsoft Office and WordPad
parse specially crafted files. An attacker who successfully exploited this
vulnerability could take control of an affected system. An attacker could
then install programs; view, change, or delete data; or create new accounts
with full user rights. Exploitation of this vulnerability requires that a
user open or preview a specially crafted file with an affected version of
Microsoft Office. In an email attack scenario, an attacker could exploit the
vulnerability by sending a specially crafted file to the user and then
convincing the user to open the file. The update addresses the vulnerability
by correcting the way that Microsoft Office parses specially crafted files,
and by enabling API functionality in Windows that Microsoft Office and
WordPad will leverage to resolve the identified issue.

A remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. The vulnerability could corrupt memory in such a
way that enables an attacker to execute arbitrary code in the context of the
current user. An attacker who successfully exploited the vulnerability could
gain the same user rights as the current user. If the current user is logged
on with administrative user rights, an attacker could take control of an
affected system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. An attacker could
host a specially crafted website that is designed to exploit the
vulnerability through Microsoft Edge, and then convince a user to view the
website. The attacker could also take advantage of compromised websites and
websites that accept or host user-provided content or advertisements by
adding specially crafted content that could exploit the vulnerability. In all
cases, however, an attacker would have no way to force users to view the
attacker-controlled content. Instead, an attacker would have to convince
users to take action, typically by way of enticement in an email or Instant
Messenger message, or by getting them to open an attachment sent through
email. The security update addresses the vulnerability by modifying how
Microsoft Edge handles objects in memory.

A remote code
execution vulnerability exists in the way that the JScript and VBScript
engines render when handling objects in memory in Internet Explorer. The
vulnerability could corrupt memory in such a way that an attacker could
execute arbitrary code in the context of the current user. An attacker who
successfully exploited the vulnerability could gain the same user rights as
the current user. If the current user is logged on with administrative user
rights, an attacker who successfully exploited the vulnerability could take
control of an affected system. An attacker could then install programs; view,
change, or delete data; or create new accounts with full user rights. In a
web-based attack scenario, an attacker could host a specially crafted website
that is designed to exploit the vulnerability through Internet Explorer and
then convince a user to view the website. An attacker could also embed an
ActiveX control marked "safe for initialization" in an application
or Microsoft Office document that hosts the IE rendering engine. The attacker
could also take advantage of compromised websites and websites that accept or
host user-provided content or advertisements. These websites could contain
specially crafted content that could exploit the vulnerability. The update
addresses the vulnerability by modifying how the JScript and VBScript
scripting engines handle objects in memory.

A remote code
execution vulnerability exists when Internet Explorer improperly accesses
objects in memory. The vulnerability could corrupt memory in such a way that
an attacker could execute arbitrary code in the context of the current user.
An attacker who successfully exploited the vulnerability could gain the same
user rights as the current user. If the current user is logged on with
administrative user rights, the attacker could take control of an affected
system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. An attacker could host a
specially crafted website designed to exploit the vulnerability through
Internet Explorer and then convince a user to view the website. The attacker could
also take advantage of compromised websites, or websites that accept or host
user-provided content or advertisements, by adding specially crafted content
that could exploit the vulnerability. In all cases, however, an attacker
would have no way to force users to view the attacker-controlled content.
Instead, an attacker would have to convince users to take action, typically
by an enticement in an email or instant message, or by getting them to open
an attachment sent through email. The update addresses the vulnerability by
modifying how Internet Explorer handles objects in memory.

A remote code
execution vulnerability exists when Microsoft Edge improperly accesses
objects in memory. The vulnerability could corrupt memory in such a way that
enables an attacker to execute arbitrary code in the context of the current
user. An attacker who successfully exploited the vulnerability could gain the
same user rights as the current user. If the current user is logged on with
administrative user rights, an attacker could take control of an affected
system. An attacker could then install programs; view, change, or delete
data; or create new accounts with full user rights. An attacker could host a
specially crafted website that is designed to exploit the vulnerability
through Microsoft Edge, and then convince a user to view the website. The
attacker could also take advantage of compromised websites and websites that
accept or host user-provided content or advertisements by adding specially
crafted content that could exploit the vulnerability. In all cases, however,
an attacker would have no way to force users to view the attacker-controlled
content. Instead, an attacker would have to convince users to take action,
typically by way of enticement in an email or Instant Messenger message, or
by getting them to open an attachment sent through email. The security update
addresses the vulnerability by modifying how Microsoft Edge handles objects
in memory.

An elevation of
privilege vulnerability exists when Internet Explorer does not properly
enforce cross-domain policies, which could allow an attacker to access
information from one domain and inject it into another domain. The update
addresses the vulnerability by helping to ensure that cross-domain policies
are properly enforced in Internet Explorer. In a web-based attack scenario,
an attacker could host a website that is used to attempt to exploit the
vulnerability. In addition, compromised websites and websites that accept or
host user-provided content could contain specially crafted content that could
exploit the vulnerability. In all cases, however, an attacker would have no
way to force users to view the attacker-controlled content. Instead, an
attacker would have to convince users to take action. For example, an
attacker could trick users into clicking a link that takes them to the
attacker's site. An attacker who successfully exploited this vulnerability could
elevate privileges in affected versions of Internet Explorer. The
vulnerability by itself does not allow arbitrary code to be run. However, the
vulnerability could be used in conjunction with another vulnerability (for
example, a remote code execution vulnerability) that could take advantage of
the elevated privileges when running arbitrary code. For example, an attacker
could exploit another vulnerability to run arbitrary code through Internet
Explorer, but due to the context in which processes are launched by Internet
Explorer, the code might be restricted to run at a low integrity level (very
limited permissions). However, an attacker could, in turn, exploit this
vulnerability to cause the arbitrary code to run at a medium integrity level
(permissions of the current user).